11187 matches found
Code injection
yetiforcecrm is vulnerable to Business Logic Errors...
CVE-2021-4117
CVE-2021-4117 affects Yetiforcecrm / YetiForceCRM. Multiple connected sources describe a business logic error related to weight handling in the product data, with explicit notes that the weight value can be negative and that the issue stems from processing/validation logic. CVE entries and adviso...
CVE-2021-4117 Business Logic Errors in yetiforcecompany/yetiforcecrm
yetiforcecrm is vulnerable to Business Logic Errors...
CVE-2021-4111
yetiforcecrm is vulnerable to Business Logic Errors...
CVE-2021-4111 Business Logic Errors in yetiforcecompany/yetiforcecrm
yetiforcecrm is vulnerable to Business Logic Errors...
SUSE SLES12 Security Update : kernel (Live Patch 25 for SLE 12 SP5) (SUSE-SU-2021:4021-1)
The remote SUSE Linux SLES12 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:4021-1 advisory. - In ip6_xmit of ip6_output.c, there is a possible out of bounds write due to a use after free. This could lead to local escalation of privilege...
PT-2021-23144 · Unknown · Yetiforcecrm
Name of the Vulnerable Software and Affected Versions: YetiForceCRM affected versions not specified Description: The issue concerns Business Logic Errors in YetiForceCRM, specifically related to the Weight of a Product. The problem arises because the weight value can be set to a negative number...
SUSE SLES15 Security Update : kernel (Live Patch 15 for SLE 15 SP2) (SUSE-SU-2021:4090-1)
The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:4090-1 advisory. - In bpf_skb_change_head of filter.c, there is a possible out of bounds read due to a use after free. This could lead to local escalation of...
SUSE SLES12 Security Update : kernel (Live Patch 40 for SLE 12 SP3) (SUSE-SU-2021:4057-1)
The remote SUSE Linux SLES12 / SLESSAP12 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2021:4057-1 advisory. - A flaw in the processing of received ICMP errors ICMP fragment needed and ICMP redirect in the Linux kernel functionality was found to all...
SUSE SLES12 / SLES15 Security Update : kernel (Live Patch 22 for SLE 12 SP4) (SUSE-SU-2021:4038-1)
The remote SUSE Linux SLES12 / SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:4038-1 advisory. - In bpf_skb_change_head of filter.c, there is a possible out of bounds read due to a use after free. This could lead to local escalation...
undertow: special character in query results in server errors
A flaw was found in the Undertow AJP connector. Malicious requests and abrupt connection closes could be triggered by an attacker using query strings with non-RFC compliant characters resulting in a denial of service. The highest threat from this vulnerability is to system availability...
CVE-2021-4044 Invalid handling of X509_verify_cert() internal errors in libssl
Internally, libssl in OpenSSL calls X509_verify_cert() on the client side to verify a certificate supplied by a server. That function may return a negative return value to indicate an internal error, for example out of memory. Such a negative return value is mishandled by OpenSSL and will cause an IO...
Business Logic Errors in yetiforcecompany/yetiforcecrm
Description: The YetiForceCRM application is vulnerable to Business Logic Errors in the Weight of a Product, since that value can be a negative number. Proof of Concept: 1. After login, in the left menu bar, click Databases - Products. 2. Click any product to go to the product details. 3. In the product...
Discourse security vulnerability
Discourse is an open source community discussion platform that includes community, email and chat room features. discourse-footnote has a security vulnerability that could be exploited to trigger null-reference JavaScript errors...
PT-2021-6411 · Siemens · Syngo Fastview
Name of the Vulnerable Software and Affected Versions: syngo fastView All versions Description: A vulnerability has been identified in the affected application, which lacks proper validation of user-supplied data when parsing DICOM files. This could result in an out-of-bounds write past the end o...
PT-2021-6340 · Microsoft · Edge For Android
Name of the Vulnerable Software and Affected Versions: Microsoft Edge for Android affected versions not specified Description: The issue is related to errors in the representation of information by the user interface, which can be exploited by a remote attacker to perform a spoofing attack. There...